Commit message (Author, Age)
* testing (smitsohu, 2022-12-24)
|
* chroot: make search permission check explicit (smitsohu, 2022-12-24)
|
* add netlock support in profile files (netblue30, 2022-12-21)
|
* gpg: fix private-bin (#5550) (glitsj16, 2022-12-21)
|
* gpg-agent: sort private-bin (even though it's commented) (#5549) (glitsj16, 2022-12-21)
|
|   * gpg-agent: sort private-bin (even though it's commented)
|   * gpg-agent: fix private-bin
|
* clarify that duplicated blacklisting of /proc/config.gz is intentional (#5548) (glitsj16, 2022-12-21)
|
|   * add comment on intentional duplication of blacklisted kernel configuration
|   * disable-proc.inc: update the duplication comment
|   * disable-common.inc: add duplication notice for kernel configuration
|
* New profile: ssmtp (#5544) (glitsj16, 2022-12-21)
|
|   * disable-programs.inc: add ssmtp support
|   * Create ssmtp.profile
|   * ssmtp: support Debian/Ubuntu
|   * README.md: add ssmtp to 'New profiles' section
|   * disable-common.inc: move ssmtp support to keep CI happy
|   * ssmtp: improve dead.letter comment
|
|     Suggested in [review](https://github.com/netblue30/firejail/pull/5544#pullrequestreview-1225322546).
|
* spectre-meltdown-checker: fixes (#5546) (glitsj16, 2022-12-21)
|
* seahorse refactoring (#5543) (glitsj16, 2022-12-21)
|
|   * seahorse: fixes and hardening
|   * seahorse-daemon: hardening
|   * seahorse-tool: move private-etc items to seahorse
|   * seahorse: unbreak nautilus file encryption
|
|     As suggested [in review](https://github.com/netblue30/firejail/pull/5543#pullrequestreview-1225250520).
|
|   * seahorse-tool: move private-tmp to seahorse
|   * seahorse: add private-tmp
|   * seahorse: fix access to ssh-agent socket
|
* Fix mDNS name resolution with wrc (#5541) (rusty-snake, 2022-12-21)
|
* Merge pull request #5547 from kmk3/revert-remove-make-deb (netblue30, 2022-12-21)
|\
| |   Revert "remove make deb and use make deb-apparmor to build packages"
| |
| * Revert "remove make deb and use make deb-apparmor to build packages" (Kelvin M. Klann, 2022-12-21)
|/
|   This reverts commit 82299440533f54bd45bd5ec69136233c04028c15.
|
|   The idea is to later enable building the .deb package with AppArmor by default with `make deb` and to then remove `make deb-apparmor` (though note that some ci changes might also be needed in tandem[1]).
|
|   This could potentially allow building a .deb package for all firejail versions (including past and future ones) with just `make deb`.
|
|   Also, note that other options can be added/removed to the default `deb` target (besides AppArmor-related ones), so ideally there would be only a single `deb` target with all the desired options applied.
|
|   So instead of releasing a version without `make deb` and then potentially adding it back and removing `make deb-apparmor`, just leave the targets as is (considering the current release, 0.9.70) for now.
|
|   [1] https://github.com/netblue30/firejail/pull/5176#issuecomment-1146855467
|
* audacity: networking updates (#5540) (glitsj16, 2022-12-20)
|
|   * audacity: networking updates
|   * audacity: fix allowing to run local server
|   * audacity: move comment so it's more visible
|
|     As suggested [in review](https://github.com/netblue30/firejail/pull/5540#pullrequestreview-1225225897).
|
* disable-common.inc: add gnome-console to disabled terminals (#5542) (glitsj16, 2022-12-20)
|
* Rename xlinks2 to xlinks2.profile (rusty-snake, 2022-12-20)
|
* audacity: support more config locations (#5538) (glitsj16, 2022-12-20)
|
|   * audacity: support more config locations
|   * disable-programs.inc: add more audacity locations
|   * audacity: cover all XDG supported locations
|   * audacity: cover all XDG supported locations
|   * audacity: fix state dir entry in disable-programs.inc
|   * unbreak disable-programs.inc
|
|     Oh my, GitHub syntax highlighting support completely threw me off here. Thanks to @kmk3 for [saving the bacon](https://github.com/netblue30/firejail/pull/5538#pullrequestreview-1224604663)!
|
* RELNOTES: clarify/format feature items (Kelvin M. Klann, 2022-12-20)
|
|   Relates to #5274 #5316 #5317.
|
* RELNOTES: clarify --restrict-namespaces feature (Kelvin M. Klann, 2022-12-20)
|
|   Relates to #4939 #5259.
|
* RELNOTES: add features and docs items (Kelvin M. Klann, 2022-12-20)
|
|   Relates to #5440 #5493 #5502 #5537.
|
* Merge pull request #5535 from netblue30/dependabot/github_actions/actions/checkout-3.2.0 (netblue30, 2022-12-19)
|\
| |   build(deps): bump actions/checkout from 3.1.0 to 3.2.0
| |
| * build(deps): bump actions/checkout from 3.1.0 to 3.2.0 (dependabot[bot], 2022-12-19)
| |
| |   Bumps [actions/checkout](https://github.com/actions/checkout) from 3.1.0 to 3.2.0.
| |   - [Release notes](https://github.com/actions/checkout/releases)
| |   - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
| |   - [Commits](https://github.com/actions/checkout/compare/93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8...755da8c3cf115ac066823e79a1e1788f8940201b)
| |
| |   ---
| |   updated-dependencies:
| |   - dependency-name: actions/checkout
| |     dependency-type: direct:production
| |     update-type: version-update:semver-minor
| |   ...
| |
| |   Signed-off-by: dependabot[bot] <support@github.com>
| |
* | Merge pull request #5536 from netblue30/dependabot/github_actions/github/codeql-action-2.1.37 (netblue30, 2022-12-19)
|\ \
| | |   build(deps): bump github/codeql-action from 2.1.36 to 2.1.37
| | |
| * | build(deps): bump github/codeql-action from 2.1.36 to 2.1.37 (dependabot[bot], 2022-12-19)
| |/
| |   Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.36 to 2.1.37.
| |   - [Release notes](https://github.com/github/codeql-action/releases)
| |   - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
| |   - [Commits](https://github.com/github/codeql-action/compare/a669cc5936cc5e1b6a362ec1ff9e410dc570d190...959cbb7472c4d4ad70cdfe6f4976053fe48ab394)
| |
| |   ---
| |   updated-dependencies:
| |   - dependency-name: github/codeql-action
| |     dependency-type: direct:production
| |     update-type: version-update:semver-patch
| |   ...
| |
| |   Signed-off-by: dependabot[bot] <support@github.com>
| |
* | Merge pull request #5537 from smitsohu/restrict-namespaces-profiles (netblue30, 2022-12-19)
|\ \
| | |   add restrict-namespaces to (almost) all profiles
| | |
| * | add restrict-namespaces to (almost) all profiles (smitsohu, 2022-12-20)
|/ /
* | RELNOTES: add build items (Kelvin M. Klann, 2022-12-19)
| |
| |   Relates to #5488 #5504.
| |
* | Rename cinelerra-gg to cinelerra-gg.profile (glitsj16, 2022-12-19)
| |
* | 0.9.72rc1 [0.9.72rc1] (netblue30, 2022-12-19)
| |
* | remove make deb and use make deb-apparmor to build packages (netblue30, 2022-12-19)
|/
* fixes (netblue30, 2022-12-14)
|
* Merge pull request #5523 from netblue30/dependabot/github_actions/github/codeql-action-2.1.36 (netblue30, 2022-12-14)
|\
| |   build(deps): bump github/codeql-action from 2.1.35 to 2.1.36
| |
| * build(deps): bump github/codeql-action from 2.1.35 to 2.1.36 [dependabot/github_actions/github/codeql-action-2.1.36] (dependabot[bot], 2022-12-12)
| |
| |   Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.35 to 2.1.36.
| |   - [Release notes](https://github.com/github/codeql-action/releases)
| |   - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
| |   - [Commits](https://github.com/github/codeql-action/compare/b2a92eb56d8cb930006a1c6ed86b0782dd8a4297...a669cc5936cc5e1b6a362ec1ff9e410dc570d190)
| |
| |   ---
| |   updated-dependencies:
| |   - dependency-name: github/codeql-action
| |     dependency-type: direct:production
| |     update-type: version-update:semver-patch
| |   ...
| |
| |   Signed-off-by: dependabot[bot] <support@github.com>
| |
* | Merge pull request #5522 from hknaack/avidemux-fixes-for-opensuse (netblue30, 2022-12-14)
|\ \
| | |   Avidemux tools support
| | |
| * | Add profile for avidemux3_jobs_qt5 (Hartmut Knaack, 2022-12-13)
| | |
| | |   Add a profile for the Qt5 GUI to process Avidemux jobs. Use a redirection to the avidemux3_qt5 profile to reuse translation files. The application needs to create a network socket on localhost and fails to run with protocol unix, so that entry in the default avidemux profile needs to be extended.
| | |
| * | Add profile for avidemux3_cli (Hartmut Knaack, 2022-12-12)
| | |
| | |   Add a profile for the command-line interface of Avidemux, which redirects to the existing avidemux profile.
| | |
| * | Avidemux: openSUSE-Packman fixes (Hartmut Knaack, 2022-12-12)
| | |
| | |   The Avidemux project stores configuration profile data in ~/.avidemux6, while the package built by Packman-repositories for openSUSE patches it to use ~/.avidemux3 at the moment (at least for Avidemux 2.8).
| | |
| * | Add profile for avidemux3_qt5 (Hartmut Knaack, 2022-12-12)
| | |
| | |   Add a profile for the Qt5-GUI of Avidemux.
| | |
| * | Avidemux: add information from template profile (Hartmut Knaack, 2022-12-12)
| | |
| | |   Add the information that file contents will be overwritten on updates.
| | |
* | | Add support for Qt6 (#5527) (glitsj16, 2022-12-14)
| | |
| | |   * qbittorrent: add support for Qt6
| | |   * wusc: add support for Qt6
| | |
* | | Fix whitelisting for wusc (#5526) (glitsj16, 2022-12-14)
|/ /
| |   Overlooked [this comment](https://github.com/netblue30/firejail/pull/5389#discussion_r992471940) that pointed out a mistake I made.
| |
* / clipit hardening (#5521) (glitsj16, 2022-12-12)
|/
|   * clipit hardening
|   * clipit: fix hardening
|   * clipit: add xdotool lib to private-lib
|
* small nettrace fixes (netblue30, 2022-12-09)
|
* Merge pull request #5504 from kmk3/build-cflags-improvements (Kelvin M. Klann, 2022-12-09)
|\
| |   build: actually set LDFLAGS/LIBS & stop overriding CFLAGS/LDFLAGS
| |
| * makefiles: stop overriding CFLAGS/LDFLAGS (Kelvin M. Klann, 2022-12-08)
| |
| |   From the manual of GNU Automake (version 1.16.5)[1] [2]:
| |
| |   > 3.6 Variables reserved for the user
| |   >
| |   > Some `Makefile` variables are reserved by the GNU Coding Standards for
| |   > the use of the "user"—the person building the package. For instance,
| |   > `CFLAGS` is one such variable.
| |   >
| |   > Sometimes package developers are tempted to set user variables such
| |   > as `CFLAGS` because it appears to make their job easier. However, the
| |   > package itself should never set a user variable, particularly not to
| |   > include switches that are required for proper compilation of the
| |   > package. Since these variables are documented as being for the
| |   > package builder, that person rightfully expects to be able to override
| |   > any of these variables at build time.
| |   >
| |   > To get around this problem, Automake introduces an
| |   > automake-specific shadow variable for each user flag variable.
| |   > (Shadow variables are not introduced for variables like `CC`, where
| |   > they would make no sense.) The shadow variable is named by prepending
| |   > `AM_` to the user variable's name. For instance, the shadow variable
| |   > for `YFLAGS` is `AM_YFLAGS`. The package maintainer—that is, the
| |   > author(s) of the `Makefile.am` and `configure.ac` files—may adjust
| |   > these shadow variables however necessary.
| |   >
| |   > Note Flag Variables Ordering::, for more discussion about these
| |   > variables and how they interact with per-target variables.
| |
| |   See also the description of CFLAGS in the GNU Autoconf manual[3].
| |
| |   Note: We do not use automake (save for aclocal) nor generally follow the GNU Coding Standards, but the concept still applies.
| |
| |   Also, the closest analogous in the project to the `AM_` prefix would currently likely be `EXTRA_`.
| |
| |   [1] https://www.gnu.org/software/automake/manual/1.16.5/html_node/User-Variables.html
| |   [2] https://www.gnu.org/software/automake/manual/1.16.5/html_node/Flag-Variables-Ordering.html
| |   [3] https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Preset-Output-Variables.html
| |
| * build: move library flags from EXTRA_LDFLAGS to LIBS (Kelvin M. Klann, 2022-12-03)
| |
| |   LIBS is the variable that Autoconf uses to put library flags.
| |
| |   From the manual of GNU Autoconf (version 2.69):
| |
| |   > -- Variable: LDFLAGS
| |   >
| |   > [...]
| |   >
| |   > This variable's contents should contain options like '-s' and '-L'
| |   > that affect only the behavior of the linker. Please see the
| |   > explanation of 'CFLAGS' for what you can do if an option also
| |   > affects other phases of the compiler.
| |   >
| |   > Don't use this variable to pass library names ('-l') to the linker;
| |   > use 'LIBS' instead.
| |   >
| |   > -- Variable: LIBS
| |   >
| |   > '-l' options to pass to the linker. The default value is empty,
| |   > but some Autoconf macros may prepend extra libraries to this
| |   > variable if those libraries are found and provide necessary
| |   > functions, see *note Libraries::. 'configure' uses this variable
| |   > when linking programs to test for C, C++, Objective C, Objective
| |   > C++, Fortran, and Go features.
| |
| * build: actually set LDFLAGS and LIBS in makefiles (Kelvin M. Klann, 2022-12-03)
| |
| |   Both variables are used inside src/prog.mk and src/so.mk, but they are not currently defined in any makefile, so their values cannot be substituted by ./configure.
| |
| |   This means that the variables can be set when running make (such as with `make LDFLAGS=-Lfoo`), but changing them in configure.ac has no effect. The same applies when trying to set them when running ./configure (such as with `./configure LDFLAGS=-Lfoo`).
| |
| * configure*: print CC and CFLAGS (Kelvin M. Klann, 2022-12-03)
| |
| |   Currently, only EXTRA_CFLAGS and EXTRA_LDFLAGS are printed.
| |
| |   See also the variables defined on config.mk.in.
| |
* | private-etc: always reference 'alternatives' (#5517) (glitsj16, 2022-12-09)
| |
| |   * private-etc: always include 'alternatives'
| |   * private-etc: always include 'alternatives'
| |   * private-etc: always include 'alternatives'
| |   * private-etc: always include 'alternatives'
| |
* | New profile: tesseract (#5516) (glitsj16, 2022-12-09)
| |
| |   * Add firecfg support for tesseract
| |   * Add tesseract to 'New profiles' section in README.md
| |   * Create tesseract.profile
| |   * tesseract: fix private-etc
| |   * tesseract: fix XDG black/whitelisting
| |   * tesseract: use 'seccomp socket' instead of 'protocol unix'
| |
| |     As kindly suggested by @rusty-snake.
| |
| |   * tesseract: add 'restrict-namespaces'
| |
| |     As kindly suggested by @rusty-snake.
| |
| |   * tesseract: use full seccomp filtering
| |
| |     The tesseract application works fine without 'protocol' or 'seccomp socket'.
| |
* | sandbox.c: print the dir on failed chdir(cfg.homedir) (Kelvin M. Klann, 2022-12-09)
| |
| |   Just like the other nearby error messages for `chdir`.
| |
| |   Relates to #5510.
| |
| |   Suggested-by: @gitsteff